Malware Analysis Master Class

FLARE Team of Mandiant, A FireEye Company | August 4-7



Overview

Designed for experienced malware analysts, this course will help students advance their malware analysis capabilities to dissect a more complex and wider range of malware samples. This course is focused on advanced topics related to combating malware defense mechanisms. Students will learn how to combat anti-disassembly, anti-debugging and anti-virtual machine techniques. They will also learn how to defeat packed and armored executables, analyze encryption and encoding algorithms, and defeat various obfuscation techniques. Students will be challenged to demonstrate these skills several times throughout the course. Additional topics covered include malware stealth techniques, such as process injection and rootkit technology; analysis of samples written in alternate programming languages, such as C++; and analysis of samples using popular software frameworks, such as .NET.

Students will learn not only about existing tools and techniques, but also how to be self-sufficient at malware analysis by researching and developing their own IDA Pro scripts and plugins. All concepts and materials presented are reinforced with demonstrations, real-world case studies, follow-along exercises, and labs to allow students to practice what they have learned. This class is taught by senior FLARE Malware Analysts who are experienced in fighting through state-of-the-art malware armor.

Who Should Take this Course

Intermediate to advanced malware analysts, information security professionals, forensic investigators or others requiring an understanding of how to overcome difficult challenges in malware analysis.

Student Requirements

Designed for the experienced malware analyst, a robust skill set in x86 architecture and the Windows APIs is essential. Exposure to software development is also highly recommended.

What Students Should Bring

Students must bring their own laptop computer with VMware Workstation 10+ or VMware Fusion 7+ installed. Laptops should have at least 30 GB of free space.

A licensed copy of IDA Pro is highly recommended to participate in ALL labs, but the free version can be used in most cases.

What Students Will Be Provided With

  • A student manual.
  • Class handouts.
  • FireEye/Mandiant gear.

Trainers

Instructors will be determined and bios will be provided as we near the event; however, they will be from the pool of seasoned instructors we use year after year.